Useful Linux commands

Here i am going to explain few useful linux commands which may be really handy when you need to troubleshoot sometimes.

First of all linux has every configuration file as  text file, so its really easy to modify as you like,

Firstly we will have a look on Users, Groups , Permissions,

Here we go first with Users,

In linux its really easy to create users and edit the user, Its all text file, Just like adding words in a word file.

To create user :

Remember we need to use always SUDO its like "super user do the work"

sudo adduser

to delete a user

sudo userdel

and this user details are stored in a file call Passwd which is in /etc/passwd location

using a text editor we can open the file and have a look.

sodo vi /etc/passwd this is where you can see all the created users and the system default users,

so you may think then where is the password to this user, you can see when you add a user the system the system will ask you to enter all the password , firstname, lastname, so its quite easy to create a user and set a password,

But what if you want to change the password for a user which was created earlier?
so issue the following command and set the new password

sudo passwd then enter, now you can see the system will ask you to enter the new password.

So the creation of user and changing the password is very simple,

Now as in windows, linux too has groups for each users. we will have a look how we can create modify a group in linux.

To create a group
sudo groupadd   

to delete a group
sudo groupdel   

now we will see how we can add a user which we have created just above to a group
so to add the user to a group
sudo adduser    

to delete user from a group
sudo deluser   remember the different between userdel and deluser, to delete user its userdel and to delete user form a  group its deluser

again as like the users , group details also saved as text file in the /etc/group location, with the help of vim or vi editor you can modify the groups and add users in this text file also. To add multiple users to a group just need to put comma (,) and add the user names on the right site that is all users added to group in text mode.

Now we will have a look on Permission, as you all know linux is more secure and really concern on its security on the files and directories so an administrator can change the security permission with the command call chmod.

basically linux has boolian number system to mention the permission
4- read
2-write
1-execute

so if a file has permission 777 means, in this three 7 each one of this for a special reason ,

the first digit is to specify the permission of this file owner , 2nd one to specify the permission of this file owner  group 3rd one is to mention the permission of every one else in this world,

So 7 means 4+2+1 which says the owner has permission to read , write and execute this file or directory,

the execute is a special case in linux where we may have some files to run like exe files in windows. so with out the execute permission we cannot run that file. So make sure if you have any files to execute you must give the permission.

consider a website you are running, so in that case you may need to do read and write work to htdocs directory.

so the user is you should have full permission , then give 7 to user, then the group of your user give 7 so every one in your group can have full permission, but what if you give full permission to everyone else? then ppl can do what ever they want and delete your files but remember some php files do need to execute so we ll give permission to read and execute and take the write permission out from others

so we will set the permission to 775 to a website directory. I hope you will get an idea about the permission now.

Alright so we have seen user, group, and permission but there is a big doubt while doing this all, what if i want to search a file in linux , how do i search?

linux has easy way to search files with different options,

sudo find -iname   , what is this iname means , its omit the case sensitive file name, So if you are not sure the file name has a capital or small letter dont worry just put -iname it will search and give you all the files such as Home,home,homE all are same in this case.

also if you are not sure the full file name you can use the * to search files with known characters such as wp-config.* this will display all the files with wp-config.

alright so we have come to a point where we got few idea about linux.

Now we will look the basic Networking stuffs in linux, this is very very basic only,

as in windows linux to has commands to see the ip address details but we have small change here , Windows use ipconfig but linux uses it as ifconfig.

and in windows we can release and renew the DHCP ip but then on linux how do you do that?

simple sudo dhclient this command will renew your IP from your DHCP server. remember we have to restart always if we do changes to a service so linux service for networking has to be restarted to active this changes , how do you restart the service?

sodu /etc/init.d/networking restart. this will restart the networking service , further you can use start, stop instead of  restart.

as i explained for users and group linux save the networking files details under the folowing location
using the vi editor we can open and see the configurations.

sudo vi /etc/networking/interfaces this is where we have the IP configuration details for linux.

if you want the linux machine to get IP from DHCP just modify the file as like this

iface eth0 inet DHCP 

if you want to assign IP manually then

iface eth0 inet static  then add the address details of your IP addres
Address
netmask
Network
Broadcast
gateway
DNS

So as we talk the DNS what is the file has the DNS details and resolve informations as like host file in windows
open the file sudo vi /etc/resolve.conf and change what ever the details you need to add,

if we talk DNS then we need to talk about the hostname as well so to see the hostname

sudo  /etc/hostname will display the hostname and to change this
sudo /etc/hostname

hope the details are use full and i ll keep posting more in future, on UFW firewall TAR and BACKUP.

Installing additional wordpress stack on a wordpress bitnami instance.

In this  post i am going to show the step by step installation of additional wordpress stack on a bitnami wordpress instance on AWS.

I hope this will help a lot to understand. Alright here we go.

First of all need to download the latest wordpress installation file in this post i am going to use the downloaded linux installation file.
file name: bitnami-wordpress-3.7.1-0-module-linux-x64-installer.run

I uploaded the file to /var/tmp via winSCP.

now lets see the installation steps.

Step 1:
go to /var/tmp

cd /var/tmp

sudo ./bitnami-wordpress-3.6.1-0-module-linux-x64-installer.run --wordpress_instance_name mywordpress

(mywordpress is the site name, later we need to do vhost to access this directly as a domain, until that i ll be accessing the new wordpress site as www.domain.com/mywordpress)

Step 2 :

step 3: 

Step 4:

Step 5: 

Step 6: 

Step 7:

All good , go to the URL and access the site. 

Enable or Disable Outlook Web App for a Mailbox

In this post i am willing to show you, how you can disable or enable the outlook web access through EAC, I hope this would help you to change/Edit your configuration easily.

1. In the EAC, navigate to Recipients > Mailboxes.
2. In the list of user mailboxes, click the mailbox that you want to enable or disable Outlook Web App for
3. On the mailbox properties page, click Mailbox Features.
4. Under Email Connectivity, do one of the following:
   
   • To disable Outlook Web App, under Outlook Web App: Enabled, click Disable.
     A warning appears asking if you're sure you want to disable Outlook Web App. Click Yes.
   • To enable Outlook Web App, under Outlook Web App: Disabled, click Enable.
5. Click Save to save your change.

How to backup a single mailbox in exchange server 2010

The easiest way to backup a singlemail box is to get the user to export his mailbox to a PST file but what if the user left the company, or you need to do it in the server?

This can be done using console command

What do you need to do is first give your account the permission to export the user mailbox.


[PS] C:\Windows\system32>New-ManagementRoleAssignment -Role "Mailbox Import Export" -User Administrator

close and reopen  then console before you try to export the mailbox.

now export the mail box to a folder 

New-MailboxExportRequest -Mailbox Saththiyan -FilePath \\exchange\c$\saththiyan.pst

Thats all go to c drive and check for the pst file. 

The Security database on the server does not have a computer account for this workstation trust relationship

If you receive the error: “The Security database on the server does not have a computer account for this workstation trust relationship” when you are tying to login to a domain account .This article will help fix this error when trying to logon to a domain account of a computer in a network.

To do this you will need:

· Access to the Domain Controller (DC)

· Domain administrators logon details

· The Workstations Local admin account login details

1. Login to the Domain controller and check to see if the Computer, which is having the issues, is available in Active Directory (AD).

a. Goto Start → Administrative tools → Active directory Users and Computers

b. Navigate to the List of computers that are connected to the domain.

2. If the computer isn’t available in this list you will just need to, on the computer, remove the computer from the current domain that it is on and then add it to the domain that it needs to be located on (see steps below). However if the computer is in the List you will need to:

a. Remove the computer from the current domain (on the local computer)

b. Delete the computer from AD (on the DC)

i. Right Click on the computer

ii. Click on Delete

For Windows Vista/7 & 8

1. Click the Start Menu and then right click Computer and go to Properties.

2. Click Change settings

3. Click Change

4. On the new window that should have popped up click the radio button next to Domain or Workgroup (depending if you are adding or removing the computer to the domain or a workgroup) (domain.local)or Workgroup name then click OK

5. You will be asked to provide the credentials of an account that has the rights to add the computer to the domain. Enter the username and password for the Administrator account.

6. After a brief pause you will be prompted with a welcome message. Click OK/Yes through these and the Computer should restart. If not tell the computer to restart.

7. Once booted again you can log in as the new user and set up an email account or anything else required by the user.

** If you ever need to remove a computer from the domain you can follow this procedure and select the WORKGROUP radio button instead of Domain in step 4. Bear in mind you will need to know the username and password of a local computer account in order to access the computer once it has been removed from the domain. **

How to Upgrade to Windows 8.1 From Windows 8

Make sure your PC has all recent Windows updates.
1a. Click settings on the Charms menu.

1b. Click Change PC settings.

1c. Select Windows Update

1d. Click the Check for updates now button to see if there are any new files. 

1e. Force any updates to install immediately by clicking on the “We’ll install . . . automatically” link then Intall.

2. Open the Windows Store app.

3. Click the Update to Windows 8.1 button. If you don’t see this button on the screen, check for updates again, close and reopen the Windows Store or reboot your machine.

4. Click the Download button to confirm

You may have to wait 30 minutes or more for the install to download, but you can keep using your computer during this time.

5. Click Restart Now when prompted

Your computer will then take several minutes installing Windows 8.1, complete with at least one reboot. You can walk away from your computer and do something else for 5 minutes or more because your input won’t be required for a while.

6.Click “I Accept” when presented with the License terms.

7. Click Use Express Settings at the bottom of the screen. You can also choose custom settings, but we find the Express settings work well for most users

8. Sign in to Windows as you normally would.

9. Allow Windows to send a security code to your phone if it prompts you. You can skip this step, but may not be able to sync your account across PCs without performing it later.

10. Enter the code you received on your phone at the prompt.

11. Click Next on the Skydrive screen.

You will then have to wait a few minutes while Windows finishes the install process. You’ll see some messages on the screen that say it is setting up and installing apps. 

Install certificate to iPhone ( Active Directory based Authentication)

Active Directory

Create a new computer entry under the Mobile Devices OU ( which is the one i am using for mobile hardware devices)

Enable Advanced Features under the View menu, then open the newly created computer object. Go to Attribute Editor and add the following attributes:

1. dNSHostName: devel1-ipad.domain.com.au
2. operatingSystem: iOS (descriptive only - doesn't affect EAP-TLS)
3. servicePrincipalName: HOST/devel1-ipad.domain.com.au (this is the name the device sends during the EAP-TLS negotiation, but with HOST in lowercase)

Certificate

Via the Certificate MMC snap-in (personal certificates), request a mobile device certificate. You need to have permission to enroll this certificate template.

1. Subject name: (Common name) devel1-ipad.domain.com.au
2. Alternative name: (DNS) devel1-ipad.domain.com.au
3. Friendly name: Development Team iPad 1 (match the description in the Active Directory computer object you created)

The certificate should successfully create and return signed by the Issuing CA.

Export the certificate (no private key) as DER encoded binary X.509 (.CER) by right-clicking on the certificate in the snap-in.

As an administrator (i.e. a user with Active Directory object modification rights), publish the exported certificate (file) to Active Directory:

> certutil -v -f -dspublish "devel1-ipad.cer" Machine

-------------------------------------------------------------------------------

Result

CN=devel1-ipad,OU=Mobile Devices,OU=Staff,OU=Hardware,DC=Domain,DC=com,DC=au?userCertificate

Certificate added to DS store.

CertUtil: -dsPublish command completed successfully.




Client-Side Configuration

iPhone Configuration Utility (both iOS and OS X)

Using the iPhone Configuration Utility, create a new (or duplicated) configuration profile.

Go to DC and open the iphone configuration utility software

In the Credentials tab:

• Import the company's Root certificate and the device certificate.
• Enter the device certificate's password (to match the one you used after selecting it).

In the Wi-Fi tab:

• Service Set Identifier: Network S
• Hidden Network: not ticked
• Security Type: WPA / WPA2 Enterprise
• Protocols: TLS (ticked), all others (unticked)
• Authentication / Username: host/hostname.domain.com.au (must match the Active Directory servicePrincipalName) N.B. "host" MUST be in lowercase, otherwise the AD service principal lookup will fail.
• Authentication / Identity Certificate: select the device certificate.
• Export the file to desktop as none security. 
• copy the .mobileconfig file to desktop machine whether the Apple device connected. 
• Open the Iphone configuration utility 
• file --> add to library 
• click on the device name on the left hand site.
• select the configuration profile.
• click install.
• then it ll pop up in the device and finish the installation on the device.

Push to the device by attaching via USB, going to the device's configuration profiles tab and clicking on Install for the relevant profile.